Pre-existing error handling gaps in NvmeDriver::restore() identified during review of #3220. None are regressions — they existed before the eager/lazy restore split.
Items

- `flat_map` silently drops queue restore failures — The restore loop uses `flat_map` with a `Result`-returning closure. Because `Result` implements `IntoIterator`, `Err` values are silently dropped. A queue that fails to restore (e.g., interrupt mapping failure) is quietly omitted with no diagnostic. Should use `map` + `collect::<Result<Vec<_>, _>>()?` to propagate errors.
- `expect("unable to find restored mem block")` panics on mismatch — If saved state doesn't match the restored DMA allocations (corrupt state, version skew), this panics instead of returning a structured error. Should use `.ok_or_else(|| anyhow!(...))?`.
- `per_cpu[q.cpu as usize].set().unwrap()` panics on invalid CPU — No bounds check before indexing, and `.unwrap()` on `.set()` panics if the slot is already occupied (duplicate CPU in saved state). Should validate `q.cpu < cpu_count` and handle duplicates with an error return.
Also tracked by Microsoft-internal ADO 61766158
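Added illustration of all three items (not the project's code, not from the issue author): a constructed, stand-alone model of the restore loop showing `flat_map` swallowing an `Err`, next to the `map` + `collect::<Result<..>>` form, with the `expect` and the `per_cpu[..].set().unwrap()` replaced by structured errors. The types `SavedQueue`, `Ctx`, `RestoreError`, `restore_queue`, `restore_lossy` and `restore_strict` are assumed names; the per-CPU slot is modelled as `Option<u16>` in place of a set-once cell, and a plain error enum stands in for `anyhow!` so the block compiles without external crates.

```rust
use std::collections::HashMap;
use std::fmt;

/// Constructed stand-in for one queue's saved state (not the project's real type).
#[derive(Debug, Clone)]
struct SavedQueue {
    qid: u16,
    cpu: u32,
    /// Address of the queue's DMA block as recorded at save time.
    mem_base: u64,
}

/// Structured errors replacing the panics and silent drops. Assumed names.
#[derive(Debug, PartialEq)]
enum RestoreError {
    InterruptMapping { qid: u16 },
    MissingMemBlock { qid: u16, base: u64 },
    CpuOutOfRange { qid: u16, cpu: u32, cpu_count: usize },
    DuplicateCpu { qid: u16, cpu: u32 },
}

impl fmt::Display for RestoreError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::InterruptMapping { qid } => write!(f, "queue {qid}: interrupt mapping failed"),
            Self::MissingMemBlock { qid, base } => write!(f, "queue {qid}: no restored mem block at {base:#x}"),
            Self::CpuOutOfRange { qid, cpu, cpu_count } => write!(f, "queue {qid}: cpu {cpu} >= cpu_count {cpu_count}"),
            Self::DuplicateCpu { qid, cpu } => write!(f, "queue {qid}: cpu {cpu} already has a queue"),
        }
    }
}
impl std::error::Error for RestoreError {}

#[derive(Debug, PartialEq)]
struct RestoredQueue { qid: u16, cpu: u32, mem_len: usize }

/// Restore context: DMA blocks actually re-allocated (base -> len), the per-CPU
/// slots (Option<u16> models a set-once cell), and constructed interrupt failures.
struct Ctx {
    mem_blocks: HashMap<u64, usize>,
    per_cpu: Vec<Option<u16>>,
    bad_irq: Vec<u16>,
}

/// Restore one queue, reporting every failure as Err instead of panicking.
fn restore_queue(ctx: &mut Ctx, q: &SavedQueue) -> Result<RestoredQueue, RestoreError> {
    if ctx.bad_irq.contains(&q.qid) {
        return Err(RestoreError::InterruptMapping { qid: q.qid });
    }
    // Was: .expect("unable to find restored mem block")
    let mem_len = *ctx.mem_blocks.get(&q.mem_base)
        .ok_or(RestoreError::MissingMemBlock { qid: q.qid, base: q.mem_base })?;
    // Was: per_cpu[q.cpu as usize].set(..).unwrap()  (no bounds check, panics on duplicate)
    let cpu_count = ctx.per_cpu.len();
    let slot = ctx.per_cpu.get_mut(q.cpu as usize)
        .ok_or(RestoreError::CpuOutOfRange { qid: q.qid, cpu: q.cpu, cpu_count })?;
    if slot.is_some() {
        return Err(RestoreError::DuplicateCpu { qid: q.qid, cpu: q.cpu });
    }
    *slot = Some(q.qid);
    Ok(RestoredQueue { qid: q.qid, cpu: q.cpu, mem_len })
}

/// The pattern the issue describes: flat_map over a Result-returning closure.
/// Err iterates as empty, so a failed queue vanishes with no diagnostic.
fn restore_lossy(ctx: &mut Ctx, saved: &[SavedQueue]) -> Vec<RestoredQueue> {
    saved.iter().flat_map(|q| restore_queue(ctx, q)).collect()
}

/// The proposed fix: map + collect into Result, which stops at the first Err.
fn restore_strict(ctx: &mut Ctx, saved: &[SavedQueue]) -> Result<Vec<RestoredQueue>, RestoreError> {
    saved.iter().map(|q| restore_queue(ctx, q)).collect()
}

/// Constructed context: two restored DMA blocks, two CPUs, no interrupt faults.
fn sample_ctx() -> Ctx {
    Ctx {
        mem_blocks: HashMap::from([(0x1000u64, 4096usize), (0x2000u64, 4096usize)]),
        per_cpu: vec![None; 2],
        bad_irq: vec![],
    }
}

fn main() {
    let saved = vec![
        SavedQueue { qid: 0, cpu: 0, mem_base: 0x1000 },
        SavedQueue { qid: 1, cpu: 1, mem_base: 0x2000 },
    ];
    let mut ctx = sample_ctx();
    ctx.bad_irq.push(1); // queue 1's interrupt mapping fails
    println!("lossy restored {} of {} queues", restore_lossy(&mut ctx, &saved).len(), saved.len());
    let mut ctx = sample_ctx();
    ctx.bad_irq.push(1);
    match restore_strict(&mut ctx, &saved) {
        Ok(v) => println!("strict restored {} queues", v.len()),
        Err(e) => println!("strict failed: {e}"),
    }
}
```

Note that `restore_strict` short-circuits on the first `Err`, leaving any earlier queues' per-CPU slots populated; that matches the issue's intent of failing the whole restore with a diagnostic rather than continuing with a partial queue set, and the caller is expected to discard the driver state on `Err`.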